Hivelocity security alert - Heartbleed vulnerability

Hivelocity Customers,

Due to the recent discovery of a vulnerability within OpenSSL encryption known as HeartBleed, action is required to ensure your Linux server's data is secure. Windows servers are not affected. Below are 5 sets of instructions for fully-managed customers, self-managed customers, self-managed cPanel customers, self-managed Cloud Linux 6 customers and lastly instruction that everyone needs to follow once the patch is applied.

 

Fully-managed cPanel servers:

Because you have signed up with Hivelocity's managed services we have already applied a patch to your server that should fix the vulnerability. However, we encourage all customers to test their server at http://filippo.io/Heartbleed/ to confirm the vulnerability is in fact patched as some servers do need additional hands-on to resolve the issue. Once you are confident the vulnerability is patched we encourage all customers to re-key and reissue the certificate at your registrar. As a precaution we recommend resetting any passwords that would have been transmitted over the SSL before the patch was applied (today at noon Eastern Standard Time).

 

Self-managed cPanel servers:

Resolve the issue by running the following commands;

1. SSH to your server

2. yum update openssl

3. /scripts/upcp —force

4. /etc/init.d/cpanel restart

5. stop apache with the command: service httpd stop

6. kill any remaining apache processes

7. start apache with command: service httpd start

8. Please test your server at http://filippo.io/Heartbleed/ to confirm the server is patched.

9. If your server still shows vulnerable still after step #8 we have found it is necessary to recompile apache. Recompile apache and run step #8 again.

 

Self-managed Linux servers:

You will have to update openssl with the appropriate package manager and restart any services that rely on openssl.

Self-managed CloudLinux 6 servers:

Resolve the issue by running the following commands;

1. yum clean all

2. yum update openssl

3. cagefsctl --force-update (only if you have cagefs installed do you need to run this command, if you do not have this installed skip to step 4)

4. /etc/init.d/httpd stop

5. /etc/init.d/httpd start

 

Self-managed CloudLinux 6 servers:

Resolve the issue by running the following commands;

1. yum clean all

2.  yum update openssl

3.  cagefsctl --force-update (only if you have cagefs installed do you need to run this command, if you do not have this installed skip to step 4)

4.  /etc/init.d/httpd stop

5.  /etc/init.d/httpd start

 

All servers:

We encourage all customers to test their server at http://filippo.io/Heartbleed/ to confirm the vulnerability is in fact patched as some servers do need additional hands-on to resolve the issue. Once you are confident the vulnerability is patched we encourage all customers to re-key and reissue the certificate at your registrar. As a precaution we recommend resetting any passwords that would have been transmitted over the SSL before the patch was applied (today at noon Eastern Standard Time).

Below you will find a list of URLs to the portals that will allow you to re-issue your clients’ certificates:


If you have any questions please contact us right away via trouble ticket .

Hivelocity Support Team
HIVELOCITY | Engineering
888-869-4678 ext. 2 | Hivelocity.net